Title : 
Sesame: a secure and convenient mobile solution for passwords
         
        
            Author : 
Aliasgari, Mehrdad ; Sabol, Nick ; Sharma, Ashutosh
         
        
            Author_Institution : 
Dept. of Comput. Eng. & Comput. Sci., California State Univ., Long Beach, Long Beach, CA, USA
         
        
            Abstract : 
Passwords are the main and most common method of remote authentication. However, they have their own frustrating challenges. Users tend to forget passwords that are chosen to be hard to guess. Password managers are an approach to keeping our passwords safe. However, they mainly rely on one master password to secure all of our passwords. If this master password is compromised then all other passwords can be recovered. In this work, we introduce Sesame: a secure yet convenient mobile-based, voice-activated password manager. It combines all different methods of user authentication to create a more robust digital vault for personal data. Each password is encrypted with a new fresh key on the user's mobile device for maximum security. The keys are stored in our servers in a protected format. The user has the option of backing up the encrypted passwords in any cloud service. To view a password, the user only needs to utter the name of a web service, and speaker and speech recognition are applied for authentication. Only the key for that service is sent to the mobile application and the password is decrypted and displayed. The biggest advantage of Sesame is that the user need not place any trust in either our servers or any cloud storage. Also, there is no need to enter a master password every time since speaker recognition is used. However, as an alternative to voice, users can view their passwords using a master password in case voice is not available. We provide a brief analysis of the security of our solution, which has been implemented on the Android platform and is freely available on Google Play. Sesame is an ideal and practical solution for mobile password managers.
         
        
            Keywords : 
Android (operating system); Web services; authorisation; cloud computing; cryptography; mobile computing; speaker recognition; Android platform; Google Play; Sesame; Web service; cloud service; cloud storage; digital vault; master password; mobile application; mobile device; mobile-based voice-activated password manager; password decryption; password encryption; personal data; remote authentication; speaker recognition; speech recognition; Authentication; Cryptography; Mobile handsets; Servers; Speaker recognition; Speech recognition; Biometrics; Mobile Authentication; Password Management; Secure Cloud Storage; Speaker recognition;
         
        
            Conference_Title : 
Mobile and Secure Services (MOBISECSERV), 2015 First Conference on
         
        
            Conference_Location : 
Gainesville, FL
         
        
            DOI : 
10.1109/MOBISECSERV.2015.7072879